Computer systems often are used to manage and process business data. To do so, a business enterprise may use various applications running on one or more computer systems. Application programs may be used to process business transactions, such as taking and fulfilling customer orders, providing supply chain and inventory management, performing human resource management functions, and performing financial management functions. Application programs also may be used for analyzing data, including analyzing data obtained through transaction processing systems. A business enterprise often may have a large volume of data and a large number of users who access data to process business transactions or to analyze data.
It may not be desirable for all users of a computer system to have access to all data in the computer system. This may be particularly true when a computer system has a large volume of data or is accessible to users or other computer systems over a private or public network.
One approach to preventing access to some portions of data by some users while permitting access to the portions of data by other users is to assign particular users access privileges to particular portions of the data. Creating and updating access control information so that the access control information accurately provides access to the appropriate portions of data to the appropriate users may be a complex process. For example, when the appropriate portions of the data are distributed across multiple computer systems, the access control information may be specified on each of the multiple computer systems, such that consistency must be maintained between the access control information specified on different computer systems and the access control information must be properly formatted for each of the different computer systems.